<?php
	header("Content-Type: text/html;charset=utf-8");
	include("../../function/_nosql.php");
	include("../../function/function.php");
	
	$action = chkstr(trim($_REQUEST['action']));
	$username = chkstr(trim($_REQUEST['username']));
	$password = chkstr(trim($_REQUEST['password']));
	$passcode = chkstr(trim($_REQUEST['passcode']));
	
	if($action == "chklogin"){
		// 验证用户名
		if(strlen($username)<1){
			echo erro("用户名不能为空");
		}
		// 验证密码
		if(strlen($password)<1){
			echo erro("密码不能为空");
		}
		// 验证验证码
		if(strlen($passcode)<1){
			echo erro("验证码不能为空");
		}
		if(isNumber($passcode) == false){
			echo erro("验证码只能为数字");
		}
		if($passcode != $_SESSION['verifyCode']){
			echo erro("验证码错误");
		}
		
		// MD5双层加密
		$password = md5(md5($password.$ServicePwdFix));
		$Is_Users = getNewsNums("kboy_admin","admin_username='$username' AND admin_password='$password'");
		if($Is_Users >0){
			$_SESSION['kboy_admin'] = $username;
			echo ok("登录成功","admin.php");
		}else{
			echo erro("用户名或密码错误");
		}
	}else{
		echo erro("参数错误");
	}
?>